QUARTERLY THREAT REPORT
Q1 2025: Threat insights & recommendations
Our latest Quarterly Threat Report
Once a quarter, Expel’s SOC pulls together a deep dive report on the threat intelligence data we’ve gathered in the last quarter. The data is based on incidents our analysts identified through investigations into alerts, email submissions, or threat hunting leads.
It’s then analyzed across our customer base, which spans organizations of all sizes, in many industries, and at different security maturity levels. In the process, we identify patterns and attacker tendencies to help guide strategic decision-making and operational process recommendations for your team.
It’s released in two formats: you can read each part on our blog, or you can download the full report.
Q1 by the numbers
Here’s a glimpse into what we saw this quarter overall.
66% of incidents investigated were identity-based attacks
21% of the incidents we observed were non-targeted malware attacks
5% of incidents accounted for authorized pen tests, or red and purple team exercises
2% of total incident volume targeted cloud infrastructure directly